diff --git a/backport-CVE-2025-6141.patch b/backport-CVE-2025-6141.patch new file mode 100644 index 0000000000000000000000000000000000000000..764adf97a9c09c7e8e0d6c1f13b55a881ededb2d --- /dev/null +++ b/backport-CVE-2025-6141.patch @@ -0,0 +1,33 @@ +From 27d1493340d714e7be6e08c0a8f43e48276149c4 Mon Sep 17 00:00:00 2001 +From: "Thomas E. Dickey" +Date: Sat, 29 Mar 2025 22:52:37 +0000 +Subject: [PATCH] snapshot of project "ncurses", label v6_5_20250329 + +Conflict:remove unnecessary modifications +Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/27d1493340d714e7be6e08c0a8f43e48276149c4 +--- + ncurses/tinfo/parse_entry.c | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +index a2278c07f..c551c780b 100644 +--- a/ncurses/tinfo/parse_entry.c ++++ b/ncurses/tinfo/parse_entry.c +@@ -48,7 +48,7 @@ + #include + #include + +-MODULE_ID("$Id: parse_entry.c,v 1.108 2023/04/24 22:32:33 tom Exp $") ++MODULE_ID("$Id: parse_entry.c,v 1.116 2025/03/24 22:27:29 tom Exp $") + + #ifdef LINT + static short const parametrized[] = +@@ -990,6 +990,8 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) + bp = tp->Strings[from_ptr->nte_index]; + if (VALID_STRING(bp)) { + for (dp = buf2; *bp; bp++) { ++ if ((size_t) (dp - buf2) >= (sizeof(buf2) - sizeof(TERMTYPE2))) ++ break; + if (bp[0] == '$' && bp[1] == '<') { + while (*bp && *bp != '>') { + ++bp; diff --git a/ncurses.spec b/ncurses.spec index f186c62f23198c76adb2f5813ec1ba6164330b7b..da04a53cec635322fb3458ee0c2025c3942cc42c 100644 --- a/ncurses.spec +++ b/ncurses.spec @@ -1,6 +1,6 @@ name: ncurses Version: 6.4 -Release: 9 +Release: 10 Summary: Terminal control library License: MIT URL: https://invisible-island.net/ncurses/ncurses.html @@ -17,6 +17,7 @@ Patch16: backport-fix-coredump-when-use-Memmove.patch Patch17: backport-CVE-2023-50495.patch Patch18: backport-CVE-2023-45918.patch Patch19: ncurses-sw-support.patch +Patch20: backport-CVE-2025-6141.patch BuildRequires: make gcc gcc-c++ gpm-devel pkgconfig @@ -251,6 +252,12 @@ xz NEWS %{_mandir}/man7/* %changelog +* Mon Jul 14 2025 yanglu - 6.4-10 +- Type:CVE +- CVE:CVE-2025-6141 +- SUG:NA +- DESC:fix CVE-2025-6141 + * Mon Feb 17 2025 zhangshaoning - 6.4-9 - Add sw_64 support